@ifdm001
Last active August 29, 2015 14:02
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
Bag Attributes
localKeyID: 27 62 59 7D 73 92 E2 3B F3 FC 6C 68 7F 60 54 C3 D6 53 AE B0
subject=/C=ES/ST=Biscay/L=Getxo/O=Fon/OU=Fon Labs/CN=user
issuer=/C=ES/ST=Biscay/L=Getxo/O=Fon/OU=Fon Labs/CN=CA
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
Bag Attributes
localKeyID: 27 62 59 7D 73 92 E2 3B F3 FC 6C 68 7F 60 54 C3 D6 53 AE B0
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
localKeyID: A1 E6 DC BC BC 1C 22 44 3C 45 86 7C 04 25 D4 55 A4 C6 61 FA
subject=/C=ES/ST=Biscay/L=Getxo/O=Fon/OU=Fon Labs/CN=server
issuer=/C=ES/ST=Biscay/L=Getxo/O=Fon/OU=Fon Labs/CN=CA
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
Bag Attributes
localKeyID: A1 E6 DC BC BC 1C 22 44 3C 45 86 7C 04 25 D4 55 A4 C6 61 FA
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
./radiusd -config_file goodies/eap_tls.cfg
Wed Jun 18 11:49:24 2014: DEBUG: Finished reading configuration file 'goodies/eap_tls.cfg'
Wed Jun 18 11:49:24 2014: DEBUG: Reading dictionary file './dictionary'
Wed Jun 18 11:49:24 2014: DEBUG: This system is IPv6 capable. IPv6 capability provided by: core
Wed Jun 18 11:49:24 2014: WARNING: Startup check found OpenSSL version 0x1000100f (OpenSSL 1.0.1 14 Mar 2012) while checking for the Heartbleed (CVE-2014-0160) vulnerability. This version may be vulnerable. See Radiator reference manual for DisabledRuntimeChecks parameter
Wed Jun 18 11:49:24 2014: DEBUG: Creating authentication port 0.0.0.0:1645
Wed Jun 18 11:49:24 2014: DEBUG: Creating accounting port 0.0.0.0:1646
Wed Jun 18 11:49:24 2014: NOTICE: Server started: Radiator 4.13 on ifon
Wed Jun 18 11:49:35 2014: WARNING: Attribute number 40 (vendor 3414) from 10.1.0.9:54719 is not defined in your dictionary
Wed Jun 18 11:49:35 2014: DEBUG: Packet dump:
*** Received from 10.1.0.9 port 54719 ....
Code: Access-Request
Identifier: 185
Authentic: <0><0><0><0><153>z<11><214><0><0><0><8><0><0><0><8>
Attributes:
Service-Type = Login-User
User-Name = "user"
Called-Station-Id = "C4-71-30-3E-84-C4"
NAS-Identifier = "c4-71-30-3e-84-c4"
Acct-Session-Id = "799e128a"
Calling-Station-Id = "60-21-C0-68-A1-42"
WISPr-Location-Name = "FON:TO"
Unknown-3414-40 = <0><0><0><0>
NAS-IP-Address = 10.1.0.9
Chargeable-User-Identity = ""
WISPr-Logoff-URL = "http://0.0.0.0:0/logoff"
EAP-Message = <2><251><0><9><1>user
NAS-Port-Type = Wireless-IEEE-802-11
Message-Authenticator = <216>(<232><216><5><158>3<195>[K<254>H<9><215>w<138>
Wed Jun 18 11:49:35 2014: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Wed Jun 18 11:49:35 2014: DEBUG: Deleting session for user, 10.1.0.9,
Wed Jun 18 11:49:35 2014: DEBUG: Handling with Radius::AuthFILE:
Wed Jun 18 11:49:35 2014: DEBUG: Handling with EAP: code 2, 251, 9, 1
Wed Jun 18 11:49:35 2014: DEBUG: Response type 1
Wed Jun 18 11:49:35 2014: DEBUG: EAP result: 3, EAP TLS Challenge
Wed Jun 18 11:49:35 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP TLS Challenge
Wed Jun 18 11:49:35 2014: DEBUG: Access challenged for user: EAP TLS Challenge
Wed Jun 18 11:49:35 2014: DEBUG: Packet dump:
*** Sending to 10.1.0.9 port 54719 ....
Code: Access-Challenge
Identifier: 185
Authentic: m<177>|u9MU+qx<15><222>40E<30>
Attributes:
EAP-Message = <1><252><0><6><13>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Wed Jun 18 11:49:35 2014: DEBUG: Packet dump:
*** Received from 10.1.0.9 port 54719 ....
Code: Access-Request
Identifier: 186
Authentic: <0><0><0><0><153>z<11><214><0><0><0><8><0><0><0><8>
Attributes:
Service-Type = Login-User
User-Name = "user"
Called-Station-Id = "C4-71-30-3E-84-C4"
NAS-Identifier = "c4-71-30-3e-84-c4"
Acct-Session-Id = "799e128a"
Calling-Station-Id = "60-21-C0-68-A1-42"
WISPr-Location-Name = "FON:TO"
Unknown-3414-40 = <0><0><0><0>
NAS-IP-Address = 10.1.0.9
Chargeable-User-Identity = ""
WISPr-Logoff-URL = "http://0.0.0.0:0/logoff"
EAP-Message = <2><252><0><204><13><0><22><3><1><0><193><1><0><0><189><3><1>S<161>`<180><1><248>'<231>j<176><191><226><132>l%<255><25><144>f#<213>}<219><237><251>~<17>=<249><219><4>}<0><0>T<192><20><192><10><192>"<192>!<0>9<0>8<192><15><192><5><0>5<192><18><192><8><192><28><192><27><0><22><0><19><192><13><192><3><0><10><192><19><192><9><192><31><192><30><0>3<0>2<192><14><192><4><0>/<192><17><192><7><192><12><192><2><0><5><0><4><0><21><0><18><0><9><0><20><0><17><0><8><0><6><0><3><0><255><1><0><0>@<0><11><0><4><3><0><1><2><0><10><0>4<0>2<0><14><0><13><0><25><0><11><0><12><0><24><0><9><0><10><0><22><0><23><0><8><0><6><0><7><0><20><0><21><0><4><0><5><0><18><0><19><0><1><0><2><0><3><0><15><0><16><0><17>
NAS-Port-Type = Wireless-IEEE-802-11
Message-Authenticator = O<214><251>s/Y<200><231><227><139>c<131><247>N<197><222>
Wed Jun 18 11:49:35 2014: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Wed Jun 18 11:49:35 2014: DEBUG: Deleting session for user, 10.1.0.9,
Wed Jun 18 11:49:35 2014: DEBUG: Handling with Radius::AuthFILE:
Wed Jun 18 11:49:35 2014: DEBUG: Handling with EAP: code 2, 252, 204, 13
Wed Jun 18 11:49:35 2014: DEBUG: Response type 13
Wed Jun 18 11:49:35 2014: DEBUG: EAP result: 3, EAP TLS Challenge
Wed Jun 18 11:49:35 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP TLS Challenge
Wed Jun 18 11:49:35 2014: DEBUG: Access challenged for user: EAP TLS Challenge
Wed Jun 18 11:49:35 2014: DEBUG: Packet dump:
*** Sending to 10.1.0.9 port 54719 ....
Code: Access-Challenge
Identifier: 186
Authentic: <229><157>K<212> `<127>?<183><166>#<11><198>X<232><183>
Attributes:
EAP-Message = <1><253><3><242><13><192><0><0><5><178><22><3><1><0>Q<2><0><0>M<3><1>S<161>`<175><11><23><241>C*<228><167><176>b<<254><166><132>U<202>1<145><137><161><252><185>$<185>'<172><223><135><197> <233>d<30>:hu<138>b<134><0>+T<171>/s<190>r<176><198><188><22>#0)<200>N<245>{e<224>%<13><0>5<0><0><5><255><1><0><1><0><22><3><1><4><228><11><0><4><224><0><4><221><0><2>M0<130><2>I0<130><1><178><160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0\1<11>0<9><6><3>U<4><6><19><2>ES1<15>0<13><6><3>U<4><8><12><6>Biscay1<14>0<12><6><3>U<4><7><12><5>Getxo1<12>0<10><6><3>U<4><10><12><3>Fon1<17>0<15><6><3>U<4><11><12><8>Fon Labs1<11>0<9><6><3>U<4><3><12><2>CA0<30><23><13>140618074012Z
EAP-Message = <23><13>150618074012Z0`1<11>0<9><6><3>U<4><6><19><2>ES1<15>0<13><6><3>U<4><8><12><6>Biscay1<14>0<12><6><3>U<4><7><12><5>Getxo1<12>0<10><6><3>U<4><10><12><3>Fon1<17>0<15><6><3>U<4><11><12><8>Fon Labs1<15>0<13><6><3>U<4><3><12><6>server0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><157><167>G<18><179>F<229>m]<166>b<208>jn<161><184><231><255>*<214>d<219><164>B<173><12>6<213><171><248><154>UH><138>^$[<20>j<152><214><25><170><1>L9<206>D<177><174><200><231>j<242>V<173><15><15><197><226>5!<128>^<222><138><204><190>&<20>cj5<134><201><153><232>w-`<16><170><155><202><239><254><172>s<17><0><142><5><18>:6<235><191><188><157><141><165><140><180>l<134><205><193><225><177><199>
EAP-Message = <14>%<196><225>Gt<216>d<16><153>><155><227><183><222><0>1<2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0><187>p<11><234>e+<163><191><203>g<195>%<159><204><255><176>f<159><182><223>/<7><169>XV<226>Z<199>D=E<192>L<213><225>8w<221>7<226><237>f<23><216><166><1>3<152>{<216>;<233>=n<163><159><157><150><191>4v<176>oX<16>1(<213><160><Q<148>j<191>~<197>^<159>M<198><234><169>?<255>j<191><142><206>%g<225><192>F<4><140><144><195><242><182>rS<176><185><15><223>wO<142>:<18><194><202>u<154><213>q<133>E<163>g=<172><143><245>uu4|<0><2><138>0<130><2><134>0<130><1><239><160><3><2><1><2><2><9><0><156>0<127><142><174><194><198><230>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0\1<11>0<9><6><3>U<4><6><19><2>ES1<15>
EAP-Message = 0<13><6><3>U<4><8><12><6>Biscay1<14>0<12><6><3>U<4><7><12><5>Getxo1<12>0<10><6><3>U<4><10><12><3>Fon1<17>0<15><6><3>U<4><11><12><8>Fon Labs1<11>0<9><6><3>U<4><3><12><2>CA0<30><23><13>140618073858Z<23><13>160617073858Z0\1<11>0<9><6><3>U<4><6><19><2>ES1<15>0<13><6><3>U<4><8><12><6>Biscay1<14>0<12><6><3>U<4><7><12><5>Getxo1<12>0<10><6><3>U<4><10><12><3>Fon1<17>0<15><6><3>U<4><11><12><8>Fon Labs1<11>0<9><6><3>U<4><3><12><2>CA0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><192>4z<168><128><211>v7<199><186><12>F* -<141><214>O<167>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Wed Jun 18 11:49:35 2014: DEBUG: Packet dump:
*** Received from 10.1.0.9 port 54719 ....
Code: Access-Request
Identifier: 187
Authentic: <0><0><0><0><153>z<11><214><0><0><0><8><0><0><0><8>
Attributes:
Service-Type = Login-User
User-Name = "user"
Called-Station-Id = "C4-71-30-3E-84-C4"
NAS-Identifier = "c4-71-30-3e-84-c4"
Acct-Session-Id = "799e128a"
Calling-Station-Id = "60-21-C0-68-A1-42"
WISPr-Location-Name = "FON:TO"
Unknown-3414-40 = <0><0><0><0>
NAS-IP-Address = 10.1.0.9
Chargeable-User-Identity = ""
WISPr-Logoff-URL = "http://0.0.0.0:0/logoff"
EAP-Message = <2><253><0><6><13><0>
NAS-Port-Type = Wireless-IEEE-802-11
Message-Authenticator = -<199>g<135>r@pZ<245><143>B<243>#<203>X3
Wed Jun 18 11:49:35 2014: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Wed Jun 18 11:49:35 2014: DEBUG: Deleting session for user, 10.1.0.9,
Wed Jun 18 11:49:35 2014: DEBUG: Handling with Radius::AuthFILE:
Wed Jun 18 11:49:35 2014: DEBUG: Handling with EAP: code 2, 253, 6, 13
Wed Jun 18 11:49:35 2014: DEBUG: Response type 13
Wed Jun 18 11:49:35 2014: DEBUG: EAP result: 3, EAP TLS Challenge
Wed Jun 18 11:49:35 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP TLS Challenge
Wed Jun 18 11:49:35 2014: DEBUG: Access challenged for user: EAP TLS Challenge
Wed Jun 18 11:49:35 2014: DEBUG: Packet dump:
*** Sending to 10.1.0.9 port 54719 ....
Code: Access-Challenge
Identifier: 187
Authentic: o<217>'<23><6>Qs<132><186>i<250>[<196>.<191><14>
Attributes:
EAP-Message = <1><254><1><208><13><0>(<186>g<18>[<127><19>2P<255>E<165><185>W<204><144><191><240><151><128><155><137><185><246>m+<219><197><141><17><18><204><0><204>_<17><166><236><7><148>V)<28>}7U<234><3>GK<142><144><143>;Vu<131>A<226><178><180>@A<242><19><6><7><240>wV<243><17><8><217><206>_c@<3>,<146><235>]<250><230><217><218><25><190><158><166><198>klD<11><153><17>(<17>(<159><157><161>`<146><151>Y<197><2><3><1><0><1><163>P0N0<29><6><3>U<29><14><4><22><4><20><196>x<148><147>'M<161>j<226>z<14><164><254><187><4>P<139><185><144>s0<31><6><3>U<29>#<4><24>0<22><128><20><196>x<148><147>'M<161>j<226>z<14><164><254><187><4>P<139><185><144>s0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0>5<226>\<211>gu<9>~<184>A<164>QE<133><193>v<208>Bl<27>Y<153><191><233>rr<158><255><159><13><226>i
EAP-Message = <138>$"VV<128>,<245>*<194><243><176>/<5><153><249><135><160><218><235>#-<205><132><181><197><139>D<236><219>:]<208>(<254><127>-,<7>}(<211>g<170>;<16>Gt"0!<151>;<248><3>9T<25>3I!D<159><161><208><127><239><169>0I<164><161><149><9>U<222><231>du<144><242><202>[<251>,1~(<153>~<226><9>I<251>1!<22><3><1><0>n<13><0><0>f<3><1><2>@<0>`<0>^0\1<11>0<9><6><3>U<4><6><19><2>ES1<15>0<13><6><3>U<4><8><12><6>Biscay1<14>0<12><6><3>U<4><7><12><5>Getxo1<12>0<10><6><3>U<4><10><12><3>Fon1<17>0<15><6><3>U<4><11><12><8>Fon Labs1<11>0<9><6><3>U<4><3><12><2>CA<14><0><0><0>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Wed Jun 18 11:49:35 2014: DEBUG: Packet dump:
*** Received from 10.1.0.9 port 54719 ....
Code: Access-Request
Identifier: 188
Authentic: <0><0><0><0><153>z<11><214><0><0><0><8><0><0><0><8>
Attributes:
Service-Type = Login-User
User-Name = "user"
Called-Station-Id = "C4-71-30-3E-84-C4"
NAS-Identifier = "c4-71-30-3e-84-c4"
Acct-Session-Id = "799e128a"
Calling-Station-Id = "60-21-C0-68-A1-42"
WISPr-Location-Name = "FON:TO"
Unknown-3414-40 = <0><0><0><0>
NAS-IP-Address = 10.1.0.9
Chargeable-User-Identity = ""
WISPr-Logoff-URL = "http://0.0.0.0:0/logoff"
EAP-Message = <2><254><5><128><13><192><0><0><6>8<22><3><1><4><226><11><0><4><222><0><4><219><0><2>K0<130><2>G0<130><1><176><160><3><2><1><2><2><1><1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0\1<11>0<9><6><3>U<4><6><19><2>ES1<15>0<13><6><3>U<4><8><12><6>Biscay1<14>0<12><6><3>U<4><7><12><5>Getxo1<12>0<10><6><3>U<4><10><12><3>Fon1<17>0<15><6><3>U<4><11><12><8>Fon Labs1<11>0<9><6><3>U<4><3><12><2>CA0<30><23><13>140618073914Z<23><13>150618073914Z0^1<11>0<9><6><3>U<4><6><19><2>ES1<15>0<13><6><3>U<4><8><12><6>Biscay1<14>0<12><6><3>U<4><7><12><5>Getxo1<12>0<10><6><3>U<4><10><12><3>Fon1<17>0<15><6><3>U<4><11>
EAP-Message = <12><8>Fon Labs1<13>0<11><6><3>U<4><3><12><4>user0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><209><210><26>-<196><11><231><196><167>33<7>SE<25><16><167>u<218><196>e<211><167><16>)<18><142>&<151><170><28><20><164>0<23><162>h<148><156><150>0C<188>d<199><208>YlD<217>J<186><136><145><234><213>s<187><182><199><184><17><199>9<223><166>%<196><19><0><19>PW$<212><247><7><142>J<166><164><142><169>9<147><166>Al<179><224><186><181><27><210><160><204><145><183>=[<193>]<187><235><11>yg<206>_A<192><22><156><17><10><216>*<4><223><8><2>P0<250><29><159>B<5><2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0>Y<14><152><18>X<131>t<199><193><232>n<135>*<149><0>k<128>5<30><138><251><219>
EAP-Message = "N<8><182>O<200><251><164>"<242>J<218>]<223><130>i:<134>x<198><155><232><187><202><138>1<253><192>'<146>V<175><201><214><152><132>{<246><135><22><166><5><137>L<156>4<141>8<14>h<228><127>xS<138><240>z<12><236>(<199><179><179><22><151><198><159><23>]iye<<186>^<21><168><31>N.<214><177><18><207>)<179>B<26>D6<133>.<11><234><148><190><139><180>T<227><215><231>SRq<146><0><2><138>0<130><2><134>0<130><1><239><160><3><2><1><2><2><9><0><156>0<127><142><174><194><198><230>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0\1<11>0<9><6><3>U<4><6><19><2>ES1<15>0<13><6><3>U<4><8><12><6>Biscay1<14>0<12><6><3>U<4><7><12><5>Getxo1<12>0<10><6><3>U<4><10><12><3>Fon1<17>0<15><6><3>U<4><11><12><8>Fon Labs1<11>0<9><6><3>U<4><3><12><2>CA0<30><23><13>1406180
EAP-Message = 73858Z<23><13>160617073858Z0\1<11>0<9><6><3>U<4><6><19><2>ES1<15>0<13><6><3>U<4><8><12><6>Biscay1<14>0<12><6><3>U<4><7><12><5>Getxo1<12>0<10><6><3>U<4><10><12><3>Fon1<17>0<15><6><3>U<4><11><12><8>Fon Labs1<11>0<9><6><3>U<4><3><12><2>CA0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><192>4z<168><128><211>v7<199><186><12>F* -<141><214>O<167>(<186>g<18>[<127><19>2P<255>E<165><185>W<204><144><191><240><151><128><155><137><185><246>m+<219><197><141><17><18><204><0><204>_<17><166><236><7><148>V)<28>}7U<234><3>GK<142><144><143>;Vu<131>A<226><178><180>@A<242><19><6><7><240>wV<243><17><8><217><206>_c@<3>,<146><235>]<250><230><217><218><25><190><158>
EAP-Message = <166><198>klD<11><153><17>(<17>(<159><157><161>`<146><151>Y<197><2><3><1><0><1><163>P0N0<29><6><3>U<29><14><4><22><4><20><196>x<148><147>'M<161>j<226>z<14><164><254><187><4>P<139><185><144>s0<31><6><3>U<29>#<4><24>0<22><128><20><196>x<148><147>'M<161>j<226>z<14><164><254><187><4>P<139><185><144>s0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0>5<226>\<211>gu<9>~<184>A<164>QE<133><193>v<208>Bl<27>Y<153><191><233>rr<158><255><159><13><226>i<138>$"VV<128>,<245>*<194><243><176>/<5><153><249><135><160><218><235>#-<205><132><181><197><139>D<236><219>:]<208>(<254><127>-,<7>}(<211>g<170>;<16>Gt"0!<151>;<248><3>9T<25>3I!D<159><161><208><127><239><169>0I<164><161><149><9>U<222><231>du<144><242><202>[<251>,1~(<153>~<226><9>I<251>1!
NAS-Port-Type = Wireless-IEEE-802-11
Message-Authenticator = <227><189><198><166><196><255><2>2<201><181><217><31>E2<207>(
Wed Jun 18 11:49:35 2014: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Wed Jun 18 11:49:35 2014: DEBUG: Deleting session for user, 10.1.0.9,
Wed Jun 18 11:49:35 2014: DEBUG: Handling with Radius::AuthFILE:
Wed Jun 18 11:49:35 2014: DEBUG: Handling with EAP: code 2, 254, 1408, 13
Wed Jun 18 11:49:35 2014: DEBUG: Response type 13
Wed Jun 18 11:49:35 2014: DEBUG: EAP result: 3, EAP TLS Challenge
Wed Jun 18 11:49:35 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP TLS Challenge
Wed Jun 18 11:49:35 2014: DEBUG: Access challenged for user: EAP TLS Challenge
Wed Jun 18 11:49:35 2014: DEBUG: Packet dump:
*** Sending to 10.1.0.9 port 54719 ....
Code: Access-Challenge
Identifier: 188
Authentic: P<202>$9Fk<189><228>o{<27>l<16>e<18><1>
Attributes:
EAP-Message = <1><255><0><6><13><0>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Wed Jun 18 11:49:35 2014: DEBUG: Packet dump:
*** Received from 10.1.0.9 port 54719 ....
Code: Access-Request
Identifier: 189
Authentic: <0><0><0><0><153>z<11><214><0><0><0><8><0><0><0><8>
Attributes:
Service-Type = Login-User
User-Name = "user"
Called-Station-Id = "C4-71-30-3E-84-C4"
NAS-Identifier = "c4-71-30-3e-84-c4"
Acct-Session-Id = "799e128a"
Calling-Station-Id = "60-21-C0-68-A1-42"
WISPr-Location-Name = "FON:TO"
Unknown-3414-40 = <0><0><0><0>
NAS-IP-Address = 10.1.0.9
Chargeable-User-Identity = ""
WISPr-Logoff-URL = "http://0.0.0.0:0/logoff"
EAP-Message = <2><255><0><200><13><0><134><15><0><0><130><0><128>x9P<157><181>f<187><196><2><239>O<233><14><217><244><203><156>i<169>v<254><6><218><187><233><17><184><192><162><151><198><201>#<235>@J<189>n<235><175>h7<236><209>u<221><173><191>9|<28><135><173><202><167>|<169>O<238>j<175><249>X!<159>l<185>6,<22><147><173><211>{0j,<173>MS<227>%R<242><27>fZ<194>cGo<214><191>t<0><9><174><187>G<195><129><158><241><209><216><172><7>c#<196>F.x<174><217><8>].<175><156><240><173>W<8><135><252>b'<20><3><1><0><1><1><22><3><1><0>0<11><249><133>3<143><184>R,8<2>qv<22><17><173>=<167><133>K+c<200><231>}<143><9><233><248>d<243><148><132>s9<249>w<149><170><132><148>l<223>([<213><211><173><176>
NAS-Port-Type = Wireless-IEEE-802-11
Message-Authenticator = ZP<16>t<234><147><147>#<4><5>\<31><152><220><239>=
Wed Jun 18 11:49:35 2014: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Wed Jun 18 11:49:35 2014: DEBUG: Deleting session for user, 10.1.0.9,
Wed Jun 18 11:49:35 2014: DEBUG: Handling with Radius::AuthFILE:
Wed Jun 18 11:49:35 2014: DEBUG: Handling with EAP: code 2, 255, 200, 13
Wed Jun 18 11:49:35 2014: DEBUG: Response type 13
Wed Jun 18 11:49:35 2014: DEBUG: Certificate Subject Name is /C=ES/ST=Biscay/L=Getxo/O=Fon/OU=Fon Labs/CN=user
Wed Jun 18 11:49:35 2014: DEBUG: Matched certificate CN user with User-Name user or identity user
Wed Jun 18 11:49:35 2014: DEBUG: Reading users file ./users
Wed Jun 18 11:49:35 2014: DEBUG: Radius::AuthFILE looks for match with user [user]
Wed Jun 18 11:49:35 2014: DEBUG: Radius::AuthFILE ACCEPT: : user [user]
Wed Jun 18 11:49:35 2014: ERR: EAP TLS error: -1, 1, 8592, 0, 22411: 1 - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Wed Jun 18 11:49:35 2014: DEBUG: EAP Failure, elapsed time 0.179251
Wed Jun 18 11:49:35 2014: DEBUG: EAP result: 1, EAP TLS error
Wed Jun 18 11:49:35 2014: DEBUG: AuthBy FILE result: REJECT, EAP TLS error
Wed Jun 18 11:49:35 2014: INFO: Access rejected for user: EAP TLS error
Wed Jun 18 11:49:35 2014: DEBUG: Packet dump:
*** Sending to 10.1.0.9 port 54719 ....
Code: Access-Reject
Identifier: 189
Authentic: <194><153>-<204><200><12><189><176>&<168><196><24><180><148><210>i
Attributes:
EAP-Message = <4><255><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
Wed Jun 18 15:20:25 2014: DEBUG: Packet dump:
*** Received from 10.1.0.9 port 54719 ....
Code: Access-Request
Identifier: 205
Authentic: <0><0><0><0> <220><150><137><0><0><0><8><0><0><0><8>
Attributes:
Service-Type = Login-User
User-Name = "user"
Called-Station-Id = "C4-71-30-3E-84-C4"
NAS-Identifier = "c4-71-30-3e-84-c4"
Acct-Session-Id = "799e128e"
Calling-Station-Id = "48-74-6E-4F-8F-B2"
WISPr-Location-Name = "FON:TO"
Unknown-3414-40 = <0><0><0><0>
NAS-IP-Address = 10.1.0.9
Chargeable-User-Identity = ""
WISPr-Logoff-URL = "http://0.0.0.0:0/logoff"
EAP-Message = <2>^<0><9><1>user
NAS-Port-Type = Wireless-IEEE-802-11
Message-Authenticator = cM<201><181><160>c<207><180><\T<204>l4<207><190>
Wed Jun 18 15:20:25 2014: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Wed Jun 18 15:20:25 2014: DEBUG: Deleting session for user, 10.1.0.9,
Wed Jun 18 15:20:25 2014: DEBUG: Handling with Radius::AuthFILE:
Wed Jun 18 15:20:25 2014: DEBUG: Handling with EAP: code 2, 94, 9, 1
Wed Jun 18 15:20:25 2014: DEBUG: Response type 1
Wed Jun 18 15:20:25 2014: DEBUG: EAP result: 3, EAP TLS Challenge
Wed Jun 18 15:20:25 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP TLS Challenge
Wed Jun 18 15:20:25 2014: DEBUG: Access challenged for user: EAP TLS Challenge
Wed Jun 18 15:20:25 2014: DEBUG: Packet dump:
*** Sending to 10.1.0.9 port 54719 ....
Code: Access-Challenge
Identifier: 205
Authentic: <21><29><185>2g<137><206>,<181>{r<165><17><165><231><230>
Attributes:
EAP-Message = <1>_<0><6><13>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Wed Jun 18 15:20:25 2014: DEBUG: Packet dump:
*** Received from 10.1.0.9 port 54719 ....
Code: Access-Request
Identifier: 206
Authentic: <0><0><0><0> <220><150><137><0><0><0><8><0><0><0><8>
Attributes:
Service-Type = Login-User
User-Name = "user"
Called-Station-Id = "C4-71-30-3E-84-C4"
NAS-Identifier = "c4-71-30-3e-84-c4"
Acct-Session-Id = "799e128e"
Calling-Station-Id = "48-74-6E-4F-8F-B2"
WISPr-Location-Name = "FON:TO"
Unknown-3414-40 = <0><0><0><0>
NAS-IP-Address = 10.1.0.9
Chargeable-User-Identity = ""
WISPr-Logoff-URL = "http://0.0.0.0:0/logoff"
EAP-Message = <2>_<0><152><13><128><0><0><0><142><22><3><1><0><137><1><0><0><133><3><1>S<161><146><25><<212>Obe<156><158><241><212>q<129><142>E.<219><31><241>d;<28><208><219><160>u<215>;<210><140><0><0>J<0><255><192>$<192>#<192><10><192><9><192><7><192><8><192>(<192>'<192><20><192><19><192><17><192><18><192>&<192>%<192>*<192>)<192><5><192><4><192><2><192><3><192><15><192><14><192><12><192><13><0>=<0><<0>/<0><5><0><4><0>5<0><10><0>g<0>k<0>3<0>9<0><22><1><0><0><18><0><10><0><8><0><6><0><23><0><24><0><25><0><11><0><2><1><0>
NAS-Port-Type = Wireless-IEEE-802-11
Message-Authenticator = uQ4<22>g<201><137><163><218>a<225><171>k<144><7><186>
Wed Jun 18 15:20:25 2014: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Wed Jun 18 15:20:25 2014: DEBUG: Deleting session for user, 10.1.0.9,
Wed Jun 18 15:20:25 2014: DEBUG: Handling with Radius::AuthFILE:
Wed Jun 18 15:20:25 2014: DEBUG: Handling with EAP: code 2, 95, 152, 13
Wed Jun 18 15:20:25 2014: DEBUG: Response type 13
Wed Jun 18 15:20:25 2014: DEBUG: EAP result: 3, EAP TLS Challenge
Wed Jun 18 15:20:25 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP TLS Challenge
Wed Jun 18 15:20:25 2014: DEBUG: Access challenged for user: EAP TLS Challenge
Wed Jun 18 15:20:25 2014: DEBUG: Packet dump:
*** Sending to 10.1.0.9 port 54719 ....
Code: Access-Challenge
Identifier: 206
Authentic: yVX<11><238><17><156><141><17><204>{E<180>M<143>F
Attributes:
EAP-Message = <1>`<3><242><13><192><0><0><5><178><22><3><1><0>Q<2><0><0>M<3><1>S<161><146><25><253>><254><151><219><222>7Wc<29>`<232><242>D<17>d}<152><237><31><210>W:o<246><1><17><1> 7<213>K<201><237><182><198><234><158><25>`?<214>8E<214>n<239><133><<179><224>_<8><1>7N<202>N<157><151><4><0>/<0><0><5><255><1><0><1><0><22><3><1><4><228><11><0><4><224><0><4><221><0><2>M0<130><2>I0<130><1><178><160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0\1<11>0<9><6><3>U<4><6><19><2>ES1<15>0<13><6><3>U<4><8><12><6>Biscay1<14>0<12><6><3>U<4><7><12><5>Getxo1<12>0<10><6><3>U<4><10><12><3>Fon1<17>0<15><6><3>U<4><11><12><8>Fon Labs1<11>0<9><6><3>U<4><3><12><2>CA0<30><23><13>140618074012Z
EAP-Message = <23><13>150618074012Z0`1<11>0<9><6><3>U<4><6><19><2>ES1<15>0<13><6><3>U<4><8><12><6>Biscay1<14>0<12><6><3>U<4><7><12><5>Getxo1<12>0<10><6><3>U<4><10><12><3>Fon1<17>0<15><6><3>U<4><11><12><8>Fon Labs1<15>0<13><6><3>U<4><3><12><6>server0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><157><167>G<18><179>F<229>m]<166>b<208>jn<161><184><231><255>*<214>d<219><164>B<173><12>6<213><171><248><154>UH><138>^$[<20>j<152><214><25><170><1>L9<206>D<177><174><200><231>j<242>V<173><15><15><197><226>5!<128>^<222><138><204><190>&<20>cj5<134><201><153><232>w-`<16><170><155><202><239><254><172>s<17><0><142><5><18>:6<235><191><188><157><141><165><140><180>l<134><205><193><225><177><199>
EAP-Message = <14>%<196><225>Gt<216>d<16><153>><155><227><183><222><0>1<2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0><187>p<11><234>e+<163><191><203>g<195>%<159><204><255><176>f<159><182><223>/<7><169>XV<226>Z<199>D=E<192>L<213><225>8w<221>7<226><237>f<23><216><166><1>3<152>{<216>;<233>=n<163><159><157><150><191>4v<176>oX<16>1(<213><160><Q<148>j<191>~<197>^<159>M<198><234><169>?<255>j<191><142><206>%g<225><192>F<4><140><144><195><242><182>rS<176><185><15><223>wO<142>:<18><194><202>u<154><213>q<133>E<163>g=<172><143><245>uu4|<0><2><138>0<130><2><134>0<130><1><239><160><3><2><1><2><2><9><0><156>0<127><142><174><194><198><230>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0\1<11>0<9><6><3>U<4><6><19><2>ES1<15>
EAP-Message = 0<13><6><3>U<4><8><12><6>Biscay1<14>0<12><6><3>U<4><7><12><5>Getxo1<12>0<10><6><3>U<4><10><12><3>Fon1<17>0<15><6><3>U<4><11><12><8>Fon Labs1<11>0<9><6><3>U<4><3><12><2>CA0<30><23><13>140618073858Z<23><13>160617073858Z0\1<11>0<9><6><3>U<4><6><19><2>ES1<15>0<13><6><3>U<4><8><12><6>Biscay1<14>0<12><6><3>U<4><7><12><5>Getxo1<12>0<10><6><3>U<4><10><12><3>Fon1<17>0<15><6><3>U<4><11><12><8>Fon Labs1<11>0<9><6><3>U<4><3><12><2>CA0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><192>4z<168><128><211>v7<199><186><12>F* -<141><214>O<167>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Wed Jun 18 15:20:25 2014: DEBUG: Packet dump:
*** Received from 10.1.0.9 port 54719 ....
Code: Access-Request
Identifier: 207
Authentic: <0><0><0><0> <220><150><137><0><0><0><8><0><0><0><8>
Attributes:
Service-Type = Login-User
User-Name = "user"
Called-Station-Id = "C4-71-30-3E-84-C4"
NAS-Identifier = "c4-71-30-3e-84-c4"
Acct-Session-Id = "799e128e"
Calling-Station-Id = "48-74-6E-4F-8F-B2"
WISPr-Location-Name = "FON:TO"
Unknown-3414-40 = <0><0><0><0>
NAS-IP-Address = 10.1.0.9
Chargeable-User-Identity = ""
WISPr-Logoff-URL = "http://0.0.0.0:0/logoff"
EAP-Message = <2>`<0><6><13><0>
NAS-Port-Type = Wireless-IEEE-802-11
Message-Authenticator = <206><183>E,<137><145>4<150><216><158>M<175>6<190><6><11>
Wed Jun 18 15:20:25 2014: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Wed Jun 18 15:20:25 2014: DEBUG: Deleting session for user, 10.1.0.9,
Wed Jun 18 15:20:25 2014: DEBUG: Handling with Radius::AuthFILE:
Wed Jun 18 15:20:25 2014: DEBUG: Handling with EAP: code 2, 96, 6, 13
Wed Jun 18 15:20:25 2014: DEBUG: Response type 13
Wed Jun 18 15:20:25 2014: DEBUG: EAP result: 3, EAP TLS Challenge
Wed Jun 18 15:20:25 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP TLS Challenge
Wed Jun 18 15:20:25 2014: DEBUG: Access challenged for user: EAP TLS Challenge
Wed Jun 18 15:20:25 2014: DEBUG: Packet dump:
*** Sending to 10.1.0.9 port 54719 ....
Code: Access-Challenge
Identifier: 207
Authentic: }<216>(@<188>!e<21>ZI<186>KiU<154><197>
Attributes:
EAP-Message = <1>a<1><208><13><0>(<186>g<18>[<127><19>2P<255>E<165><185>W<204><144><191><240><151><128><155><137><185><246>m+<219><197><141><17><18><204><0><204>_<17><166><236><7><148>V)<28>}7U<234><3>GK<142><144><143>;Vu<131>A<226><178><180>@A<242><19><6><7><240>wV<243><17><8><217><206>_c@<3>,<146><235>]<250><230><217><218><25><190><158><166><198>klD<11><153><17>(<17>(<159><157><161>`<146><151>Y<197><2><3><1><0><1><163>P0N0<29><6><3>U<29><14><4><22><4><20><196>x<148><147>'M<161>j<226>z<14><164><254><187><4>P<139><185><144>s0<31><6><3>U<29>#<4><24>0<22><128><20><196>x<148><147>'M<161>j<226>z<14><164><254><187><4>P<139><185><144>s0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0>5<226>\<211>gu<9>~<184>A<164>QE<133><193>v<208>Bl<27>Y<153><191><233>rr<158><255><159><13><226>i
EAP-Message = <138>$"VV<128>,<245>*<194><243><176>/<5><153><249><135><160><218><235>#-<205><132><181><197><139>D<236><219>:]<208>(<254><127>-,<7>}(<211>g<170>;<16>Gt"0!<151>;<248><3>9T<25>3I!D<159><161><208><127><239><169>0I<164><161><149><9>U<222><231>du<144><242><202>[<251>,1~(<153>~<226><9>I<251>1!<22><3><1><0>n<13><0><0>f<3><1><2>@<0>`<0>^0\1<11>0<9><6><3>U<4><6><19><2>ES1<15>0<13><6><3>U<4><8><12><6>Biscay1<14>0<12><6><3>U<4><7><12><5>Getxo1<12>0<10><6><3>U<4><10><12><3>Fon1<17>0<15><6><3>U<4><11><12><8>Fon Labs1<11>0<9><6><3>U<4><3><12><2>CA<14><0><0><0>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Wed Jun 18 15:20:25 2014: DEBUG: Packet dump:
*** Received from 10.1.0.9 port 54719 ....
Code: Access-Request
Identifier: 208
Authentic: <0><0><0><0> <220><150><137><0><0><0><8><0><0><0><8>
Attributes:
Service-Type = Login-User
User-Name = "user"
Called-Station-Id = "C4-71-30-3E-84-C4"
NAS-Identifier = "c4-71-30-3e-84-c4"
Acct-Session-Id = "799e128e"
Calling-Station-Id = "48-74-6E-4F-8F-B2"
WISPr-Location-Name = "FON:TO"
Unknown-3414-40 = <0><0><0><0>
NAS-IP-Address = 10.1.0.9
Chargeable-User-Identity = ""
WISPr-Logoff-URL = "http://0.0.0.0:0/logoff"
NAS-Port-Type = Wireless-IEEE-802-11
Message-Authenticator = <1><184><207>cV<204><148><235><216><7>HwoF<184><252>
Wed Jun 18 15:20:25 2014: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Wed Jun 18 15:20:25 2014: DEBUG: Deleting session for user, 10.1.0.9,
Wed Jun 18 15:20:25 2014: DEBUG: Handling with Radius::AuthFILE:
Wed Jun 18 15:20:25 2014: DEBUG: Handling with EAP: code 2, 97, 1276, 13
Wed Jun 18 15:20:25 2014: DEBUG: Response type 13
Wed Jun 18 15:20:25 2014: DEBUG: EAP result: 3, EAP TLS Challenge
Wed Jun 18 15:20:25 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP TLS Challenge
Wed Jun 18 15:20:25 2014: DEBUG: Access challenged for user: EAP TLS Challenge
Wed Jun 18 15:20:25 2014: DEBUG: Packet dump:
*** Sending to 10.1.0.9 port 54719 ....
Code: Access-Challenge
Identifier: 208
Authentic: <140><19>F<16>p<23>Iig<247><129><2>Y<L<240>
Attributes:
EAP-Message = <1>b<0><6><13><0>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Wed Jun 18 15:20:25 2014: DEBUG: Packet dump:
*** Received from 10.1.0.9 port 54719 ....
Code: Access-Request
Identifier: 209
Authentic: <0><0><0><0> <220><150><137><0><0><0><8><0><0><0><8>
Attributes:
Service-Type = Login-User
User-Name = "user"
Called-Station-Id = "C4-71-30-3E-84-C4"
NAS-Identifier = "c4-71-30-3e-84-c4"
Acct-Session-Id = "799e128e"
Calling-Station-Id = "48-74-6E-4F-8F-B2"
WISPr-Location-Name = "FON:TO"
Unknown-3414-40 = <0><0><0><0>
NAS-IP-Address = 10.1.0.9
Chargeable-User-Identity = ""
WISPr-Logoff-URL = "http://0.0.0.0:0/logoff"
EAP-Message = <2>b<1>L<13><0><@<169>Y_<139><241>.<167>T'*<134><5><170><17>=<244><178><204><254>0dY<190><224><237><9>]3<199><173><188>K<17>+<212><238><141><203><219><157><187>-0<230><201><163><173><14><188>c<206><242><248><27><193><169>P<187><218>4<167><29><159><157><170><197>Q<161>q<235><139><24><153><212><199>=<210>y<139>O<180>dl<163><173><184><5><152>!6<144><162>Z*<3><251><186>i~2%MP<131>9<138><157><174><141>QG<222><<217><227><25>j<0><149>(<169><<241><12><170><26><22><3><1><0><134><15><0><0><130><0><128><176>7D<8><174><14><161><153><211><29>#e1<130><22><191>4%5<193><226>j<212>I<21><229>0<175><23><224><4>VC<25><183><14>N<12><178>+<171><19>5<199>?<234>'<219>3-]<223><15><N&Sc<129><185>K<170><159><10>Y<232>.({<228>T<166>e<142>t<131><22><229><31><152>H<161><5><248><214>rQ<198>L<190>Y<139><237><233><252>5<230><171><205>,<232>~<251><156><214><127><20><195>
EAP-Message = ^i<207><183><247><6><20>Ye<247>B<183><223>dR<133><206><182><132>r<20><3><1><0><1><1><22><3><1><0>0<235>*<161>M`<181><20><143><134><238><132><185><206><193>R<7><210><248><151><156><193><215>iA<225><249><158><138><135><208>f<246><16><159>aU6qV<220>t<244><224><183><232>?n<1>
NAS-Port-Type = Wireless-IEEE-802-11
Message-Authenticator = <255><189><175><176>9<236>.i <250><182>z<141><157>M<192>
Wed Jun 18 15:20:25 2014: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Wed Jun 18 15:20:25 2014: DEBUG: Deleting session for user, 10.1.0.9,
Wed Jun 18 15:20:25 2014: DEBUG: Handling with Radius::AuthFILE:
Wed Jun 18 15:20:25 2014: DEBUG: Handling with EAP: code 2, 98, 332, 13
Wed Jun 18 15:20:25 2014: DEBUG: Response type 13
Wed Jun 18 15:20:25 2014: DEBUG: Certificate Subject Name is /C=ES/ST=Biscay/L=Getxo/O=Fon/OU=Fon Labs/CN=user
Wed Jun 18 15:20:25 2014: DEBUG: Matched certificate CN user with User-Name user or identity user
Wed Jun 18 15:20:25 2014: DEBUG: Radius::AuthFILE looks for match with user [user]
Wed Jun 18 15:20:25 2014: DEBUG: Radius::AuthFILE ACCEPT: : user [user]
Wed Jun 18 15:20:25 2014: ERR: EAP TLS error: -1, 1, 8592, 0, 28551: 1 - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Wed Jun 18 15:20:25 2014: DEBUG: EAP Failure, elapsed time 0.133201
Wed Jun 18 15:20:25 2014: DEBUG: EAP result: 1, EAP TLS error
Wed Jun 18 15:20:25 2014: DEBUG: AuthBy FILE result: REJECT, EAP TLS error
Wed Jun 18 15:20:25 2014: INFO: Access rejected for user: EAP TLS error
Wed Jun 18 15:20:25 2014: DEBUG: Packet dump:
*** Sending to 10.1.0.9 port 54719 ....
Code: Access-Reject
Identifier: 209
Authentic: pg<<209>c<151><192><2>-r<132><222>c<203><128><248>
Attributes:
EAP-Message = <4>b<0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
#!/bin/bash
SSL=/usr/local/openssl
export PATH=${SSL}/bin/:${SSL}/ssl/misc:${PATH}
export LD_LIBRARY_PATH=${SSL}/lib
# needed if you need to start from scratch otherwise the CA.pl -newca command doesn't copy the new
# private key into the CA directories
rm -rf demoCA
echo "*********************************************************************************"
echo "Creating self-signed private key and certificate"
echo "When prompted override the default value for the Common Name field"
echo "*********************************************************************************"
echo
# Generate a new self-signed certificate.
# After invocation, newreq.pem will contain a private key and certificate
# newreq.pem will be used in the next step
openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 730 \
-passin pass:whatever -passout pass:whatever
echo "*********************************************************************************"
echo "Creating a new CA hierarchy (used later by the \"ca\" command) with the certificate"
echo "and private key created in the last step"
echo "*********************************************************************************"
echo
echo "newreq.pem" | /usr/lib/ssl/misc/CA.pl -newca >/dev/null
echo "*********************************************************************************"
echo "Creating ROOT CA"
echo "*********************************************************************************"
echo
# Create a PKCS#12 file, using the previously created CA certificate/key
# The certificate in demoCA/cacert.pem is the same as in newreq.pem. Instead of
# using "-in demoCA/cacert.pem" we could have used "-in newreq.pem" and then omitted
# the "-inkey newreq.pem" because newreq.pem contains both the private key and certificate
openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12 -cacerts \
-passin pass:whatever -passout pass:whatever
echo 01 > ./demoCA/serial
# parse the PKCS#12 file just created and produce a PEM format certificate and key in root.pem
openssl pkcs12 -in root.p12 -out root.pem -passin pass:whatever -passout pass:whatever
# Convert root certificate from PEM format to DER format
openssl x509 -inform PEM -outform DER -in root.pem -out root.der
echo "*********************************************************************************"
echo "Creating client private key and certificate"
echo "When prompted enter the client name in the Common Name field. This is the same"
echo " used as the Username in FreeRADIUS"
echo "*********************************************************************************"
echo
# Request a new PKCS#10 certificate.
# First, newreq.pem will be overwritten with the new certificate request
openssl req -new -keyout newreq.pem -out newreq.pem -days 730 \
-passin pass:whatever -passout pass:whatever
# Sign the certificate request. The policy is defined in the openssl.cnf file.
# The request generated in the previous step is specified with the -infiles option and
# the output is in newcert.pem
# The -extensions option is necessary to add the OID for the extended key for client authentication
openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever \
-key whatever -extensions xpclient_ext -extfile xpextensions \
-infiles newreq.pem
# Create a PKCS#12 file from the new certificate and its private key found in newreq.pem
# and place in file cert-clt.p12
openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-clt.p12 -clcerts \
-passin pass:whatever -passout pass:whatever
# parse the PKCS#12 file just created and produce a PEM format certificate and key in cert-clt.pem
openssl pkcs12 -in cert-clt.p12 -out cert-clt.pem -passin pass:whatever -passout pass:whatever
# Convert certificate from PEM format to DER format
openssl x509 -inform PEM -outform DER -in cert-clt.pem -out cert-clt.der
echo "*********************************************************************************"
echo "Creating server private key and certificate"
echo "When prompted enter the server name in the Common Name field."
echo "*********************************************************************************"
echo
# Request a new PKCS#10 certificate.
# First, newreq.pem will be overwritten with the new certificate request
openssl req -new -keyout newreq.pem -out newreq.pem -days 730 \
-passin pass:whatever -passout pass:whatever
# Sign the certificate request. The policy is defined in the openssl.cnf file.
# The request generated in the previous step is specified with the -infiles option and
# the output is in newcert.pem
# The -extensions option is necessary to add the OID for the extended key for server authentication
openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever \
-extensions xpserver_ext -extfile xpextensions -infiles newreq.pem
# Create a PKCS#12 file from the new certificate and its private key found in newreq.pem
# and place in file cert-srv.p12
openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -clcerts \
-passin pass:whatever -passout pass:whatever
# parse the PKCS#12 file just created and produce a PEM format certificate and key in cert-srv.pem
openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:whatever -passout pass:whatever
# Convert certificate from PEM format to DER format
openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der
# Clean up
rm newcert.pem newreq.pem
[ xpclient_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
[ xpserver_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1